Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-09-23T04:00:00
Updated: 2016-10-17T13:57:01
Reserved: 2005-09-23T00:00:00
Link: CVE-2005-3048
JSON object: View
NVD Information
Status : Modified
Published: 2005-09-24T00:03:00.000
Modified: 2016-10-18T03:32:32.213
Link: CVE-2005-3048
JSON object: View
Redhat Information
No data.
CWE